PacketFence 2.2.0 released!

The Inverse Team is pleased to announce the immediate availability of PacketFence 2.2.0. This is a major release bringing new hardware support, new features, enhancements, bug fixes and new translations. This release is considered ready for production use.

=== What is PacketFence ? ===

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system. Boosting an impressive feature set including:

* Registration and remediation through a captive portal
* Detection of abnormal network activities using Snort IDS
* Proactive vulnerability scans using Nessus
* Isolation of problematic devices
* 802.1X for wired and wireless networks
* Wireless integration for all provided features
* Supports complex and heterogeneous environments
* VoIP / IP Telephony support and more!

A set of screenshots is available from and a set of videos is available from

=== Changes Since Previous Release ===

New Hardware Support
* Motorola RF Switches (Wireless Controllers)
* 3Com Switches 4200G, E4800G and E5500G now supports MAC Authentication and 802.1X
* Dlink DGS 3100 Switches

New features
* Captive Portal network access detection is more accurate and way faster (javascript-based)
* Easier integration and configuration of FreeRADIUS 2.x using our new packetfence-freeradius2 RPM
* Apache configuration is automatically adjusted on startup based on system resources to avoid performance degradation on heavy workloads (#1204)
* New reports: Nodes per SSID (#1126) and Connection-Type (#1125)
* User-Agent violation support completely re-written. It is now easier than ever to block devices or old browsers from your network. (#769, #1192)
* Administrators can now modify and preview remediation pages from the Web Admin
* VoIP autodetection in Wired 802.1X and Wired MAC Authentication can now use CDP / LLDP if available (#1175)
* Kerberos Authentication on the Captive Portal (Thanks to Brad Lhotsky from NIH)

* Moved several configuration files from conf/templates/ into conf/ (#1166)
* SSL certificate configuration for httpd is now in a separate file that is not overwritten by packages making it easier to maintain (#1207)
* 3Com Super Stack 4500 now uses SNMP for MAC authorization (port-security)
* OS Class ID are now visible when viewing DHCP Fingerprints (#1181)
* Log levels can be changed without a restart (#748)
* Process ID information in the logs for some daemons
* Captive Portal minor usability improvements
* Reorganized default violation classes to be more coherent and self-documented
* More violation classes validation on startup (#992)
* Improved database configuration error reporting
* DHCP fingerprints sharing now allows submitter to send computer name, user-agent and a contact email to help us identify the devices better (#983)
* Meru module now supports firmware version identification
* Improvements in the logrotate script (#1198)
* MAC address format xxxx-xxxx-xxxx supported in our FreeRADIUS' module
* Removed unused configuration parameters (#767)
* Refactoring of the code base (#1058)
* New DHCP fingerprint for Cisco SPA series IP Phone, Mikrotik, Freebox, AeroHive Hive AP, Ubuntu Server, Suse Linux Desktop 11, Synology NAS, Polycom Conference IP Phone and Generic Intel PXE

* Improvement to the samba configuration provided in the administration guide to fix uid mapping issues (#1205)
* FAQ entry: Active directory integration in registration network
* Updated Developer documentation regarding how to support new wireless hardware
* Wired 802.1X and MAC Authentication corrections in Network Devices Guide
* Minor corrections to the Administration Guide (#743)

Bug Fixes
* Fixed an important problem with VoIP in Wired 802.1X and Wired MAC Authenication modes (#1202)
* Fixed important Nortel support regressions (introduced in 2.1.0: #1183, #1195)
* Fixed an issue with the Meru module: If the controller sent SNMP traps to PacketFence a thread would crash. Hopefully this configuration is not required and is rarely done. Regression prevention tests have been added.
* Fixed an issue with pfcmd-initiated VLAN re-evaluation if you assign VLANs based on a client's connection-type (which is not the default)
* Fixed DHCP fingerprint sharing upload form
* Violation grace no longer ignores time modifiers like minutes (#1154)
* Fixed OS id not visible when dhcp-fingerprint view is filtered (#1180)
* Fixed rare case of Web Admin user account corruption causing homepage to become status/dashboard instead of status/dashboard.php (#1196)
* Warning avoidance in Extreme Network modules
* installer and configurator scripts no longer output passwords on the terminal (#1021)
* Fixed warnings and improved error reporting in our FreeRADIUS module (#1176)
* Fixed broken person lookups if username is an email address (#1206)
* Fixed Web Admin which referred to an inexistent Meru MC3000 module (it was renamed Meru::MC in 2.0.1)
* Fixed overly aggressive Web Administration password validation (#1209)

* New German (de) translation (Thanks to Tino Matysiak of Meetyoo Conferencing)

... and more. See the ChangeLog file for the complete list of changes and the UPGRADE file for notes about upgrading. Both files are in the PacketFence distribution.

=== Getting PacketFence ===

PacketFence is free software and is distributed under the GNU GPL. As such, you are free to download and try it by either getting the new release from:

or by getting the sources from the official monotone server using the instructions at

Documentation about the installation and configuration of PacketFence is available from:

=== How Can I Help ? ===

PacketFence is a collaborative effort in order to create the best Free and Open Source NAC solution. There are multiple ways you can contribute to the project:

* Documentation reviews, enhancements and translations
* Feature requests or by sharing your ideas
* Participate in the discussion on mailing lists (
* Patches for bugs or enhancements
* Provide new translations of remediation pages

=== Getting Support ===

For any questions, do not hesitate to contact us by writing to

You can also fill our online form ( and a representative from Inverse will contact you.

Inverse offers professional services to organizations willing to secure their wired and wireless networks with the PacketFence solution.

This release introduces several new changes that we were quite excited
about and we hope you'll enjoy all of it.

Posted by Olivier Bilodeau 2011-05-03